Securing your WordPress site

Security is the most neglected part of a WordPress site life cycle. Many people recall about it when it is too late, when their sites are already hacked. You probably won't be one of them so please take it really seriously. It costs nothing (there are free plugins) to fully protect your site against attackers and their malware software.

Use the WordFence plugin

From many good plugins (both free and paid) available on the market, we recommend the Wordfence Security plugin. As a good starting point, please check the How to Configure Wordfence Security Plugin for WordPress tutorial.

Keep plugins up to date

We all know that WordPress wouldn't exist without plugins. We all use them and thanks to them we can save a lot of time instead of building everything from scratch. All you need to do to keep your site safe is to remember about keeping all your plugins up to date. If you don't use a plugin anymore, just deactivate (or remove) it, but never leave it outdated. It's the easiest way to give any potential hacker access to your site.

Other good practices

The Wordfence Security plugin gives you almost ultimate protection. If this plugin detects any potential security issue you will be immediately notified about it. But it can't detect and solve all of them. Some are related to human nature, so we also strongly advise to stick to these rules:

  • Don't give the admin access to anyone
  • Make sure that users with access to your site have correct access level
  • Use strong passwords (Wordfence has an option to force your users to use strong passwords, use it!)